From 3ef2bcad02efd6219f4ce599754c15e63b6af0dc Mon Sep 17 00:00:00 2001 From: Jeremy Huddleston Date: Mon, 29 Jul 2013 18:28:30 -0700 Subject: imap-send: use Apple's Security framework for base64 encoding Use Apple's supported functions for base64 encoding instead of the deprecated OpenSSL functions. Signed-off-by: Jeremy Huddleston Signed-off-by: David Aguilar Signed-off-by: Junio C Hamano --- Makefile | 1 + compat/apple-common-crypto.h | 86 ++++++++++++++++++++++++++++++++++++++++++++ git-compat-util.h | 11 ++++++ imap-send.c | 14 -------- 4 files changed, 98 insertions(+), 14 deletions(-) create mode 100644 compat/apple-common-crypto.h diff --git a/Makefile b/Makefile index 5e7cadf017..dddf49bd6f 100644 --- a/Makefile +++ b/Makefile @@ -1398,6 +1398,7 @@ ifdef PPC_SHA1 LIB_H += ppc/sha1.h else ifdef APPLE_COMMON_CRYPTO + LIB_4_CRYPTO += -framework Security -framework CoreFoundation COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL SHA1_HEADER = else diff --git a/compat/apple-common-crypto.h b/compat/apple-common-crypto.h new file mode 100644 index 0000000000..c8b9b0e1a6 --- /dev/null +++ b/compat/apple-common-crypto.h @@ -0,0 +1,86 @@ +/* suppress inclusion of conflicting openssl functions */ +#define OPENSSL_NO_MD5 +#define HEADER_HMAC_H +#define HEADER_SHA_H +#include +#define HMAC_CTX CCHmacContext +#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len) +#define HMAC_Update CCHmacUpdate +#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash) +#define HMAC_CTX_cleanup(ignore) +#define EVP_md5(...) kCCHmacAlgMD5 +#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 +#define APPLE_LION_OR_NEWER +#include +/* Apple's TYPE_BOOL conflicts with config.c */ +#undef TYPE_BOOL +#endif + +#ifdef APPLE_LION_OR_NEWER +#define git_CC_error_check(pattern, err) \ + do { \ + if (err) { \ + die(pattern, (long)CFErrorGetCode(err)); \ + } \ + } while(0) + +#define EVP_EncodeBlock git_CC_EVP_EncodeBlock +static inline int git_CC_EVP_EncodeBlock(unsigned char *out, + const unsigned char *in, int inlen) +{ + CFErrorRef err; + SecTransformRef encoder; + CFDataRef input, output; + CFIndex length; + + encoder = SecEncodeTransformCreate(kSecBase64Encoding, &err); + git_CC_error_check("SecEncodeTransformCreate failed: %ld", err); + + input = CFDataCreate(kCFAllocatorDefault, in, inlen); + SecTransformSetAttribute(encoder, kSecTransformInputAttributeName, + input, &err); + git_CC_error_check("SecTransformSetAttribute failed: %ld", err); + + output = SecTransformExecute(encoder, &err); + git_CC_error_check("SecTransformExecute failed: %ld", err); + + length = CFDataGetLength(output); + CFDataGetBytes(output, CFRangeMake(0, length), out); + + CFRelease(output); + CFRelease(input); + CFRelease(encoder); + + return (int)strlen((const char *)out); +} + +#define EVP_DecodeBlock git_CC_EVP_DecodeBlock +static int inline git_CC_EVP_DecodeBlock(unsigned char *out, + const unsigned char *in, int inlen) +{ + CFErrorRef err; + SecTransformRef decoder; + CFDataRef input, output; + CFIndex length; + + decoder = SecDecodeTransformCreate(kSecBase64Encoding, &err); + git_CC_error_check("SecEncodeTransformCreate failed: %ld", err); + + input = CFDataCreate(kCFAllocatorDefault, in, inlen); + SecTransformSetAttribute(decoder, kSecTransformInputAttributeName, + input, &err); + git_CC_error_check("SecTransformSetAttribute failed: %ld", err); + + output = SecTransformExecute(decoder, &err); + git_CC_error_check("SecTransformExecute failed: %ld", err); + + length = CFDataGetLength(output); + CFDataGetBytes(output, CFRangeMake(0, length), out); + + CFRelease(output); + CFRelease(input); + CFRelease(decoder); + + return (int)strlen((const char *)out); +} +#endif /* APPLE_LION_OR_NEWER */ diff --git a/git-compat-util.h b/git-compat-util.h index e955bb5e8b..6ebb02967d 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -127,6 +127,17 @@ #else #include #endif + +#ifndef NO_OPENSSL +#ifdef APPLE_COMMON_CRYPTO +#include "compat/apple-common-crypto.h" +#else +#include +#include +#endif /* APPLE_COMMON_CRYPTO */ +#include +#endif /* NO_OPENSSL */ + #if defined(__MINGW32__) /* pull in Windows compatibility stuff */ #include "compat/mingw.h" diff --git a/imap-send.c b/imap-send.c index d6b65e204c..6f5cc4f782 100644 --- a/imap-send.c +++ b/imap-send.c @@ -28,20 +28,6 @@ #include "prompt.h" #ifdef NO_OPENSSL typedef void *SSL; -#else -#ifdef APPLE_COMMON_CRYPTO -#include -#define HMAC_CTX CCHmacContext -#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len) -#define HMAC_Update CCHmacUpdate -#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash) -#define HMAC_CTX_cleanup(ignore) -#define EVP_md5() kCCHmacAlgMD5 -#else -#include -#include -#endif -#include #endif static const char imap_send_usage[] = "git imap-send < "; -- cgit v1.2.3 From c984938f9c454255012086e1203504dc243a59bd Mon Sep 17 00:00:00 2001 From: Brian Gernhardt Date: Mon, 5 Aug 2013 11:59:22 -0400 Subject: Makefile: Fix APPLE_COMMON_CRYPTO with BLK_SHA1 It used to be that APPLE_COMMON_CRYPTO did nothing when BLK_SHA1 was set. But APPLE_COMMON_CRYPTO is now used for more than just SHA1 (see 3ef2bca) so make sure that the appropriate libraries are always set. Signed-off-by: Brian Gernhardt Reviewed-by: Jeremy Huddleston Sequoia Signed-off-by: Junio C Hamano --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index dddf49bd6f..613b42f57e 100644 --- a/Makefile +++ b/Makefile @@ -1167,6 +1167,9 @@ ifdef NEEDS_SSL_WITH_CRYPTO else LIB_4_CRYPTO = $(OPENSSL_LINK) -lcrypto endif +ifdef APPLE_COMMON_CRYPTO + LIB_4_CRYPTO += -framework Security -framework CoreFoundation +endif endif ifdef NEEDS_LIBICONV ifdef ICONVDIR @@ -1398,7 +1401,6 @@ ifdef PPC_SHA1 LIB_H += ppc/sha1.h else ifdef APPLE_COMMON_CRYPTO - LIB_4_CRYPTO += -framework Security -framework CoreFoundation COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL SHA1_HEADER = else -- cgit v1.2.3 From f2be034c6918e7f5d42da5ad1cf9d3ef51c25a77 Mon Sep 17 00:00:00 2001 From: Brian Gernhardt Date: Mon, 5 Aug 2013 11:59:23 -0400 Subject: OS X: Fix redeclaration of die warning compat/apple-common-crypto.h uses die() in one of its macros, but was included in git-compat-util.h before the definition of die. Fix by simply moving the relevant block after the die/error/warning declarations. Signed-off-by: Brian Gernhardt Reviewed-by: Jeremy Huddleston Sequoia Signed-off-by: Junio C Hamano --- git-compat-util.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/git-compat-util.h b/git-compat-util.h index 6ebb02967d..d58739426c 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -128,16 +128,6 @@ #include #endif -#ifndef NO_OPENSSL -#ifdef APPLE_COMMON_CRYPTO -#include "compat/apple-common-crypto.h" -#else -#include -#include -#endif /* APPLE_COMMON_CRYPTO */ -#include -#endif /* NO_OPENSSL */ - #if defined(__MINGW32__) /* pull in Windows compatibility stuff */ #include "compat/mingw.h" @@ -329,6 +319,16 @@ extern NORETURN void die_errno(const char *err, ...) __attribute__((format (prin extern int error(const char *err, ...) __attribute__((format (printf, 1, 2))); extern void warning(const char *err, ...) __attribute__((format (printf, 1, 2))); +#ifndef NO_OPENSSL +#ifdef APPLE_COMMON_CRYPTO +#include "compat/apple-common-crypto.h" +#else +#include +#include +#endif /* APPLE_COMMON_CRYPTO */ +#include +#endif /* NO_OPENSSL */ + /* * Let callers be aware of the constant return value; this can help * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though, -- cgit v1.2.3